The manufacturing industry continues to face the highest volume of email-based cyber attacks, according to the latest Email Threat Landscape Report from VIPRE Security Group.
The Q2 2025 findings reveal that manufacturers accounted for 26% of all recorded email threats during the quarter – more than any other sector – marking the sixth consecutive quarter the industry has held this unwanted top spot.
Customised phishing kits on the rise
One of the most alarming developments highlighted in the report is the growing use of unidentifiable phishing kits, which now underpin 58% of phishing sites. These customised or heavily obfuscated kits make it difficult for security teams to reverse-engineer or detect malicious campaigns. Tools such as Evilginx (20% of deployments), Tycoon 2FA (10%), and 16shop (7%) remain prevalent, but the trend towards bespoke kits – often enabled by AI – is accelerating.
Why manufacturing is a prime target
While retail (20% of incidents) and healthcare (19%) also feature prominently, manufacturing has become particularly attractive to cyber criminals due to the industry’s reliance on complex supply chains, high-value intellectual property, and often heterogeneous legacy systems. Email-based threats in the sector range from business email compromise (BEC) to sophisticated phishing and malspam campaigns.
BEC campaigns targeting executives
VIPRE’s analysis shows that BEC remains a significant risk, particularly in Scandinavia where attackers are increasingly tailoring campaigns in native languages. While English-speaking executives are still most targeted globally (42%), Danish executives account for 38% of observed attempts in the region, with Swedish and Norwegian executives making up a combined 19%. Impersonation tactics are the most common BEC method, with 82% of attacks aimed at CEOs and other senior executives.
Lumma Stealer: malware of the quarter
Lumma Stealer has emerged as the most prevalent malware family in Q2 2025, delivered primarily via malicious attachments or phishing links hosted on legitimate-looking cloud services such as OneDrive and Google Drive. Sold as a low-cost Malware-as-a-Service (MaaS), it is attractive to both seasoned and novice cyber criminals, making it a versatile and persistent threat.
Tactics, techniques and lures
Financially themed lures remain the most common bait, representing 35% of observed campaigns. Urgency-driven messages (25%) and account verification requests (20%) follow closely behind. PDFs remain the favoured malicious attachment format (64%), with an increasing number now embedding QR codes to launch attacks.
For link delivery, attackers frequently use open redirects on legitimate marketing or tracking platforms (54%), alongside compromised websites (30%) and shortened URLs (7%). The most common exploitation techniques include HTTP POST to remote servers (52%) and email exfiltration (30%).
Call for stronger defenses
VIPRE warns that traditional cyber security measures are no longer sufficient against today’s AI-enhanced, hyper-personalised phishing campaigns. “Organisations can no longer rely on standard cyber security processes, techniques, and technology,” said Usman Choudhary, Chief Product and Technology Officer at VIPRE. “They need comprehensive and advanced email security solutions that can help them deploy like-for-like defences – at the very least – if not stay a step ahead.”
Download the full VIPRE Security Group Email Threat Trends Report: 2025: Q2 for more information.
For more articles like this, visit our Digital Transformation channel
